[Bro] CVE-2014-6271/ detection script
Scott Campbell
scampbell at lbl.gov
Wed Sep 24 19:53:49 PDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I just posted a quick policy file which should look at header fields
and examine the data section for the telltale formatting of a bash
function.
I have *not* tested this extensively, so please test before deploying.
Happy to update with better regex etc...
https://github.com/set-element/misc-scripts/blob/master/header-test.bro
cheers,
scott
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAlQjg70ACgkQK2Plq8B7ZByhoACgzW+/Ks+8LzNErWW+TiVOnn8C
T+kAnjmS6ilxS6NbxFkybu8iI53NAq3Y
=d76q
-----END PGP SIGNATURE-----
More information about the Bro
mailing list